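# strongSwan ipsec.conf (legacy stroke syntax): certificate-authenticated
# IKEv1 transport-mode policy between hosts in the listed subnets.
#
# NOTE(review): this file arrived collapsed onto a single line, where the first
# '#' would turn everything after it into a comment. The line breaks below are
# reconstructed from the key=value structure; compare with the deployed file.
# Comment lines inside a section are indented and no blank lines are used
# within a section, because ipsec.conf treats section layout as significant.

config setup
    #charondebug="all"
    #uniqueids=yes
    # NOTE(review): strictcrlpolicy is left commented out, so the default
    # (no) applies: a peer certificate is still accepted when no CRL can be
    # fetched. Since peers are authorised by certificate alone (see rightid
    # in "conn loopbacks"), enable it once the CRL distribution point is
    # reliably reachable.
    #strictcrlpolicy=yes
    # Keep fetched CRLs cached locally.
    cachecrls=yes

#ca ca-wit #define alternative CRL distribution point
#    cacert=ca-wit.crt
#    crluri=ca-wit.crl
#    auto=add

conn %default
    # mobike is an IKEv2 feature; it has no effect while keyexchange=ikev1.
    mobike=no
    keyingtries=%forever
    # Dead peer detection: probe every 3 s, declare the peer dead after 10 s,
    # then renegotiate immediately.
    dpdtimeout=10
    dpddelay=3
    dpdaction=restart
    type=transport
    # NOTE(review): IKEv1 is deprecated (RFC 9395). Moving to
    # keyexchange=ikev2 has to be coordinated across every peer that loads
    # this policy, so the value is left unchanged here.
    keyexchange=ikev1
    # The trailing '!' makes the proposal strict: only this suite is offered
    # or accepted. NOTE(review): HMAC-SHA1 is the weakest element; a SHA-256
    # based suite is preferable wherever all peers support it.
    ike=aes128-sha1-modp2048!
    esp=aes128-sha1-modp2048!

conn loopbacks
    # auto=route installs trap policies; the SA is negotiated on first
    # matching traffic.
    auto=route
    leftsubnet=10.1.2.0/24,10.1.18.0/24,10.1.20.0/24
    rightsubnet=10.1.2.0/24,10.1.18.0/24,10.1.20.0/24
    # NOTE(review): right=%any combined with the wildcard CN in rightid
    # accepts a peer from any address that presents a certificate from a
    # trusted CA with C=US, O=Wit. Authorisation therefore rests on the CA's
    # issuance policy and on revocation checking; restrict the CA to issuing
    # only for hosts that belong in this mesh.
    right=%any
    # HOSTNAME.DOMAINNAME is a template placeholder; substitute the local
    # host's FQDN so that leftid matches the subject DN of leftcert.
    leftcert=HOSTNAME.DOMAINNAME.crt
    leftid="C=US, O=Wit, CN=HOSTNAME.DOMAINNAME"
    rightid="C=US, O=Wit, CN=*"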